Initial commit - Runtipi Appstore with Wazuh 4.14.1

- Added Wazuh 4.14.1 SIEM/XDR application for Runtipi - Simplified init scripts following official Wazuh Docker patterns - Complete documentation in French (description.md) - Health check diagnostic script (wazuh-health-check.sh) - SSL/TLS certificates auto-generation - Whoami test application included 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-02 12:26:29 +01:00
commit 46122d5a7f
30 changed files with 2584 additions and 0 deletions
--- a/apps/wazuh-runtipi/data/scripts/init-indexer-init.sh
+++ b/apps/wazuh-runtipi/data/scripts/init-indexer-init.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+set -e
+
+echo "INDEXER_INIT: Starting security initialization..."
+
+# Check if security files already exist
+if [ ! -f /mnt/host-security/internal_users.yml ]; then
+    echo "INDEXER_INIT: Copying security configs..."
+
+    SRC_PATH="/usr/share/wazuh-indexer/config/opensearch-security"
+
+    for file in config.yml roles.yml roles_mapping.yml internal_users.yml action_groups.yml tenants.yml nodes_dn.yml whitelist.yml; do
+        if [ -f "$SRC_PATH/$file" ]; then
+            cp "$SRC_PATH/$file" /mnt/host-security/
+            echo "INDEXER_INIT: Copied $file"
+        else
+            echo "INDEXER_INIT: $file not found, skipping"
+        fi
+    done
+
+    echo "INDEXER_INIT: Security files ready"
+else
+    echo "INDEXER_INIT: Security files already exist, skipping copy"
+fi
+
+# Set JAVA_HOME
+export JAVA_HOME=/usr/share/wazuh-indexer/jdk
+
+# Wait for indexer to be ready
+echo "INDEXER_INIT: Waiting for indexer to be available..."
+until curl -ks https://wazuh.indexer:9200 -u "${INDEXER_USERNAME:-admin}:${INDEXER_PASSWORD:-admin}"; do
+    echo "INDEXER_INIT: Indexer not ready, retrying in 5 seconds..."
+    sleep 5
+done
+
+echo "INDEXER_INIT: Indexer is ready, initializing security..."
+
+# Initialize security
+/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh \
+    -cd /mnt/host-security/ \
+    -cacert /usr/share/wazuh-indexer/config/certs/root-ca.pem \
+    -cert /usr/share/wazuh-indexer/config/certs/admin.pem \
+    -key /usr/share/wazuh-indexer/config/certs/admin-key.pem \
+    -h wazuh.indexer \
+    -p 9200 \
+    -nhnv
+
+echo "INDEXER_INIT: Security initialization completed successfully"
+
+# Create completion marker file
+touch /mnt/host-security/.init-complete
+
+# Keep container alive (Runtipi requirement)
+# Using tail -f /dev/null keeps the container in a healthy "running" state
+echo "INDEXER_INIT: Initialization complete, container will remain alive"
+tail -f /dev/null